How to show max count of yesterday with 1 hour time bucket?

asp · November 17, 2017, 9:23am

Hi,

I am watching the data of yesterday (complete day).
No I have the task to show the max event count per hour for the timespan set.

How do I do it? How can I return the max value of multiple buckets?

My current workaround is the following:
table visualization

date histogram by 1 hour interval
show only one line
sort by count descending

Is there any better way than that? So that I can get the number directly without having the overhead of the paging UI?

Thanks, Andreas

chrisronline · November 17, 2017, 4:36pm

Hi @asp,

When you say count, are you referring to the total number of documents in the index for the given timestamp? Are you referring to a custom field for your dataset?

I ask because it seems you can simply remove the show only one line and see the information you want (unless I'm misunderstanding).

asp · November 20, 2017, 8:57am

I set "yesterday" in time picker.

by setting date histogram to 1 hour, I will get following as example:
Time Count
...

...
So I only want to have the count of 220 from 11:00 be given back.

chrisronline · November 21, 2017, 7:45pm

Hi @asp,

Try:

Create a new Metric visualization
Under Metrics, select Sibling Pipeline Aggregations -> Max Bucket
For the bucket, do the same Date Histogram aggregation as you're doing
For the metric, select Count

Lemme know if that works!

asp · November 22, 2017, 8:33am

Hi,

not working in 5.1.2 which is currently in our production, but working like charm in 5.5.x.
Since I am currently working on an update to 6.latest I expect it to work there afterwards.

Thanks a lot.

chrisronline · November 22, 2017, 7:51pm

Great, glad you got something working!

system · December 20, 2017, 8:06pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.